Commit cbfe4963 authored by Alex ORLUC's avatar Alex ORLUC

FIX #1640 replace special char to avoid sql injection

parent 4b84405d
......@@ -92,6 +92,18 @@ class security extends dbquery
$array = array();
$error = '';
$uc = new users_controler();
$s_login = str_replace('\'', '', $s_login);
$s_login = str_replace('=', '', $s_login);
$s_login = str_replace('"', '', $s_login);
$s_login = str_replace('*', '', $s_login);
$s_login = str_replace(';', '', $s_login);
$s_login = str_replace('--', '', $s_login);
$s_login = str_replace(',', '', $s_login);
$s_login = str_replace('$', '', $s_login);
$s_login = str_replace('>', '', $s_login);
$s_login = str_replace('<', '', $s_login);
// #TODO : Not usefull anymore, loginmode field is always in users table
//Compatibility test, if loginmode column doesn't exists, Maarch can't crash
if ($this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
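Review bot: The ten `str_replace` calls on `$s_login` after `$uc = new users_controler();` are a denylist, not a fix for the injection: the backslash and any character not on the list still pass, and because the calls run in sequence a `--` can re-form once the later `,`, `$`, `>` or `<` removals run. The stripping also silently rewrites the login, so two different submitted values can resolve to the same user name. The query that consumes `$s_login` lies outside this hunk, so this is inferred, but the durable fix is to pass the login there as a bound parameter of a prepared statement; if format validation is also wanted, reject rather than alter, with an allowlist check such as `if (!preg_match('/^[A-Za-z0-9._@-]+$/', $s_login)) { /* refuse the login */ }` (pattern illustrative, to be adapted to the project's login rules). A one-line comment above the block naming #1640 and stating why the value is filtered would also help the next reader.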